Linux Kernel Buffer Overflow Vulnerability in Wilc1000 Wi-Fi Driver

A buffer overflow vulnerability has been addressed in the Linux kernel's Wi-Fi driver for the Microchip Wilc1000 chip. This issue was caused by improper handling of WID string configuration, which could lead to memory corruption. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to a buffer overflow, allowing for potential memory corruption.

Reproduction

The vulnerability can be reproduced by sending a WID string configuration response that exceeds the allocated buffer size. This can be done by manipulating the firmware to send an oversized string response, which the driver will attempt to copy into a smaller buffer without proper size checks.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.